Details
Win32.Idele.2108
It is a memory-resident, encrypted, parasitic Win32 virus. When infecting a file, the virus uses the entry-point-obscuring (EPO) technique: it does not modify the file's entry-point address, but instead patches the program code with JMP_Virus instructions. When the program is run and the affected code branch gets control, the virus code is activated.
The virus then runs a background "thread" and stays resident as part of the infected application's process. As a result, the virus is per-process memory resident, and it remains active until the infected application is terminated.
Working in the background, the virus scans all disk drives, looks for PE EXE files on them, and infects them. The infection routine has a bug, and in some cases infected files are corrupted by the virus.
The virus does not manifest itself in any way. It contains the text string:
Idele virus version 1.9DoxtorL./[T.I]/Dec.Y2K'
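Because the EPO patching described above leaves the entry-point address untouched, a check of the PE header alone will not reveal the infection; a scanner has to look inside the code itself. The following triage heuristic is an added example, not part of the original description: it assumes the patch is a near JMP (opcode E9) and that the jump target lies outside the code section, neither of which the description states, and the PE image it runs on is constructed for the demonstration.

```python
import struct

def sections(pe: bytes):
    """Parse the PE section table: [(name, rva, vsize, raw_off, raw_size)]."""
    nt, = struct.unpack_from("<I", pe, 0x3C)               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", pe, nt + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)      # SizeOfOptionalHeader
    table, out = nt + 24 + opt_size, []
    for i in range(count):
        name, vsize, rva, rsize, roff = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"),
                    rva, vsize, roff, rsize))
    return out

def cross_section_jumps(pe: bytes, code_name: str = ".text"):
    """Return (jmp_rva, target_rva, target_section) for E9 jumps leaving the code section."""
    # Raw byte scan, not a disassembler: expect false positives on real files.
    secs = sections(pe)
    _, rva, vsize, roff, rsize = next(s for s in secs if s[0] == code_name)
    code, hits = pe[roff:roff + min(vsize, rsize)], []
    for i in range(len(code) - 4):
        if code[i] != 0xE9:                                # JMP rel32 opcode
            continue
        rel, = struct.unpack_from("<i", code, i + 1)
        target = rva + i + 5 + rel                         # relative to next instruction
        for name, srva, svsize, _, _ in secs:
            if name != code_name and srva <= target < srva + svsize:
                hits.append((rva + i, target, name))
    return hits

def build_sample(patched: bool) -> bytes:
    """Constructed test image (not a real sample): .text at RVA 0x1000, .data at 0x2000."""
    pe = bytearray(0x600)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                 # e_lfanew -> 0x40
    struct.pack_into("<HH", pe, 0x44, 0x14C, 2)            # i386, two sections
    struct.pack_into("<H", pe, 0x40 + 20, 0xE0)            # SizeOfOptionalHeader
    struct.pack_into("<8sIIII", pe, 0x138, b".text", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", pe, 0x160, b".data", 0x100, 0x2000, 0x200, 0x400)
    pe[0x200:0x300] = b"\x90" * 0x100                      # NOP-filled code
    if patched:                                            # jmp 0x1010 -> 0x2020
        pe[0x210] = 0xE9
        struct.pack_into("<i", pe, 0x211, 0x2020 - 0x1015)
    return bytes(pe)
```

A hit is only a lead for manual review, since packers and some compilers also produce jumps between sections.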